According to complaints on the Spotify forum, multiple Spotify Free users were hit with malware while kicking back and listening to some tunes. The problem was Spotify delivering adverts laden with malware. These would open malicious websites without permission, exposing users to malicious software.

Spotify responded quickly to the complaints and removed the offending ads from circulation before they could do too much damage. Spotify also issued a statement clarifying the situation, telling Engadget:

“A small number of users have experienced a problem with questionable website pop ups in their default browsers as a result of an isolated issue with an ad on our free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation.”

None of which will be any consolation or comfort to the Spotify users already hit with malware. And if you’re a Spotify Free user you should remain vigilant in case this problem rears its ugly head again in the future. Or upgrade to Spotify Premium to remove the ads (and risk) entirely.

The Danger of Relying on Ads for Revenue

This looks bad on Spotify, as it is essentially the gatekeeper connecting advertisers with users in this instance. However, any website or service which delivers ads to its users could suffer a similar fate. Including your very own MakeUseOf. We serve ads, in case you hadn’t noticed.

The key to dealing with these issues is identifying any source of malware and removing it from circulation. Which, in this instance, Spotify did with impressive speed. And at least Spotify offers a free ad-supported version of its service, unlike Apple Music.

Were you one of the unfortunate users hit with malware while listening to Spotify? How badly was your system compromised? Does this lessen your trust for Spotify? Or make you consider upgrading to Spotify Premium? Please let us know in the comments below!


David H.

October 11, 2016 at 11:46 am

I was affected by this and it's good to hear that it really was caused by Spotify and that I didn't compromise my system in some other way.

My conclusion:
I uninstalled Spotify and won't use it again. It's a pretty bad service anyway. Bad UX design, graphics glitches on two different machines and bands earn a lot less compared to when I buy their stuff on e.g. Bandcamp.

Was it real malware that people got, or just a "Your computer has a virus! Call this number at once!" message? I left my computer with Spotify running but paused, and came back to an open browser with 30-40 tabs open and an aggressive pop-up basically telling me my Windows computer was infested with malware, my log-ins were compromised, and my Windows Firewall was disabled. It switched to a BSOD-looking page with more dire warnings saying my "Windows Security Essentials" (sic) could not handle the problem, that Windows could not install "defintion updates" (sic), and everything on my hard drive would be deleted in a few minutes if I didn't call "Microsoft Support" at the given number. As I wasn't running Windows I didn't find it very credible, so I closed the browser and went about my day. I did run Clam, which found no problems, and I haven't seen anything since to make me think there is anything wrong.

I use the client, so I see ads on Spotify, and generally I don't mind it. I use uBlock Origin in my browser, though, and have no qualms about doing so. I'm sorry that sites lose advertising revenue, but I finally felt driven to using an adblocker by:
1) Malvertising.
2) NSFW ads.
3) Video ads with loud sound that launch themselves (often in tabs running in the background and not the current tab).
4) Pop-ups that go full screen when you click on the X to close them, with no way to get rid of them except to close the tab and navigate back to where you were.
5) Full-screen pop-ups that appear every couple of minutes and require you to move them slightly to access the X to close them.

If you don't like adblockers, you should reserve your ire for the advertisers who have annoyed us to the point that we aren't willing to put up with them any more. I'm willing to whitelist sites that ask nicely, though malvertising remains a concern (one of your politer colleagues must have asked nicely at some point, as I have uBlock Origin turned off for MUO), but as long as advertisers/sites won't police themselves, uBlock Origin will police them for me.

Hi, I too was hit after listening to Spotify Free on a Windows 10 machine. Suddenly I noticed several browser pop-ups without having done anything on that PC, no browsers were actually (actively) used by me during that whole time of listening. Alarmed by those (hard-to-kill) pop-ups, I checked for possible malware with Windows Defender (W10 on Anniversary Update). The short scan gave me no infection results, like in "everything clean". The long (and "offline") scan with Defender resulted in 6 malware infections (!) Three days before, the result of the same scan gave me 0 infections, I'm sure it was clean then, so please don't minimise the problem and the consequences of this incident here. We should all be deeply concerned about the malware on all the ad-loaded sites and inside apps. But personally I'm truly saddened (even a bit angry) by Spotify's statement on Engadget (cited above on this site). First of all, it shows a total lack of interest towards its users. And, I never got an e-mail or some kind of warning in the Spotify App, the days after they found out about the malicious ads. Shouldn't they send out notifications to their users?? Not everyone will be as precautious and scan on a deep level... Even if it were users of their so-called 'free tier' that don't bring direct revenue, compared to a paid version? The Spotify statement sounded like one big cover-up. Or was it all orchestrated to be able to point the world to their paid tier, as being more secure because the ads are gone there? If that were true, this is a very very sneaky way of blackmailing the community, then this company should be considered as one of the ugliest web-names in history. But who will tell what was really going on, right?
In any case, the message for Spotify should be clear: "You, as web service company, got a responsibility to all of your users, even the non-direct-paying ones. If we weren't listening to your free music service, then the advertisers wouldn't come to your channel to advertise on it and the revenue-status would take a deep dive... Please respect your users as you respect your chairmen, stakeholders and other people looking only to financial aspects."
And to us, Spotify Free-users: let us hold back a while before really paying such a company, no?....

Dave Parrack is a journalist from the UK. Growing up at a time when the internet was blossoming inspired his fascination with technology. With 10 years experience writing online, he's currently the Tech News writer and Entertainment editor at MakeUseOf. You can follow him at About.me.